That is, when TEB::StackBase - TEB::StackLimit is roughly equal to the thread's stack reserve size (the VC++ compiler default is 1 MB), you can conclude that the stack has been exhausted (a stack overflow).

For example:

!teb
TEB at 01192000
    ExceptionList:        0120134c
    StackBase:            01300000
    StackLimit:           01201000
    SubSystemTib:         00000000
    FiberData:            00001e00
    ArbitraryUserPointer: 00000000
    Self:                 01192000
    EnvironmentPointer:   00000000
    ClientId:             00004b7c . 000059d4
    RpcHandle:            00000000
    Tls Storage:          1a17b928
    PEB Address:          0118f000
    LastErrorValue:       0
    LastStatusValue:      c0000034
    Count Owned Locks:    0
    HardErrorMode:        0

?StackBase-StackLimit = 01300000-01201000 = 1044480 bytes = 1020 KB; add the 4 KB guard page and that is 1024 KB = 1 MB.

Another example:

0:000> !teb
TEB at 002bf000
    ExceptionList:        001cfd78
    StackBase:            001d0000
    StackLimit:           000d1000
    SubSystemTib:         00000000
    FiberData:            00001e00
    ArbitraryUserPointer: 00000000
    Self:                 002bf000
    EnvironmentPointer:   00000000
    ClientId:             00002d60 . 000044e4
    RpcHandle:            00000000
    Tls Storage:          0069d808
    PEB Address:          002bc000
    LastErrorValue:       0
    LastStatusValue:      0
    Count Owned Locks:    0
    HardErrorMode:        0

?StackBase-StackLimit = 001d0000-000d1000 = 1020 KB; add the 4 KB guard page and this is also 1024 KB = 1 MB.
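The check described above (committed stack from `!teb` plus the guard page versus the 1 MB default reserve), as an added example that is not part of the original post. It parses `!teb` text the way the two dumps above are laid out; the sample dump, the 4 KB guard page and the 1 MB reserve constants are assumptions taken from this post, so pass a different reserve if the image was linked with another /STACK value.

```python
import re

# Sample "!teb" output, constructed from the first dump in the post above.
TEB_DUMP = """\
0:000> !teb
TEB at 01192000
    ExceptionList:        0120134c
    StackBase:            01300000
    StackLimit:           01201000
    SubSystemTib:         00000000
"""

GUARD_PAGE = 0x1000            # one 4 KB guard page sits below StackLimit
DEFAULT_RESERVE = 1024 * 1024  # VC++ default /STACK reserve of 1 MB (assumed)


def parse_teb(dump):
    """Return {'StackBase': int, 'StackLimit': int} from '!teb' text.

    x64 WinDbg prints 64-bit addresses with a backtick separator
    (e.g. 00000000`0012f000), so the backtick is stripped before parsing.
    """
    fields = {}
    for key in ("StackBase", "StackLimit"):
        m = re.search(r"^\s*%s:\s+([0-9a-fA-F`]+)" % key, dump, re.M)
        if not m:
            raise ValueError("missing %s in !teb output" % key)
        fields[key] = int(m.group(1).replace("`", ""), 16)
    return fields


def committed_stack_bytes(dump):
    """Committed stack = StackBase - StackLimit (the post's '?' calculation)."""
    t = parse_teb(dump)
    return t["StackBase"] - t["StackLimit"]


def looks_exhausted(dump, reserve=DEFAULT_RESERVE, guard=GUARD_PAGE):
    """True when committed stack plus the guard page reaches the reserve.

    A healthy thread normally has only a few pages committed, so a value
    near the full reserve is the tell-tale sign of stack exhaustion.
    """
    return committed_stack_bytes(dump) + guard >= reserve


if __name__ == "__main__":
    used = committed_stack_bytes(TEB_DUMP)
    print("committed: %d bytes (%d KB), exhausted: %s"
          % (used, used // 1024, looks_exhausted(TEB_DUMP)))
```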
